ISSN: EverScience Publications 149
|
|
- Hugo Butler
- 6 years ago
- Views:
Transcription
1 An Eager Strategy for TGT Generation at Client Side for Kerberos Protocol Deepika Yadav M.Tech Scholar, B.S.Anangpuria Institute of Technology &Management, Faridabad. Dr. A.K.Sharma Dean & Prof., Department of computer science &engineering B.S.Anangpuria Institute of Technology &Management, Faridabad. Abstract In this paper we present architecture of a proposed strategy called An eager strategy for TGT generation at client side. The strategy provides an alternative approach whereby a client is authenticated by an authentication server located at the client side. Here main aim is to eliminate the complex reauthentication process if client requests for same service within a time period. An authentication server database is maintained at the client side to store TGT and Service ticket. The storage of ticket enables client to easily connect to the application server and thus reducing the complex process of ticket generation and exchange. Index Terms Kerberos, client side agent, distributed operating system, authentication server, ticket granting ticket. This paper is presented at International Conference on Recent Trends in Computer and information Technology Research on 25 th & 26 th September (2015) conducted by B. S. Anangpuria Institute of Technology & Management, Village-Alampur, Ballabgarh-Sohna Road, Faridabad. 1. INTRODUCTION An Eager Strategy for TGT generation at Client side is an authentication strategy whose main aim is to eliminate the complex re-authentication process. When client requests for same network service then he needs to be re-authenticated. The re-authentication process requires lot of time and message flow. By applying the proposed strategy, reauthentication can be eliminated. An agent is located at the client side that helps in efficient message flow between client and the authentication server/key Distribution Centre (KDC). Authentication server is also maintained at the client side that verifies the identity of the user. Thus, the dependency on the KDC for authentication also gets reduced by applying the strategy. Authentication server database stores the TGT and the session keys that helps client to easily connect to the application server if he needs the same network service within a time period. Thus, eliminating the need of re-authentication. The strategy basically works on the client server model. Client requests service and the server replies back to the client. To provide mutual authentication both the client and the server verify each other's identity. It protects the client messages against eavesdropping and replay attacks. It builds on symmetric key cryptography and optionally may use public-key cryptography during certain phases of authentication. It provides the security over the distributed network by transforming the password entered by the client with the help of one-way hash function depending upon the cipher suit used and authenticate the clients with the help of an agent. 2. RELATED WORK Various research papers have been reviewed to understand the working of Kerberos protocol. The Kerberos protocol is a trusted third party authentication protocol which basically authenticates the client with the help of the authentication server and issues a Ticket Granting Ticket to the client. It also issues service ticket to the client. With the help of the service ticket, client can directly communicate with the server. It provides the reliable communication over the distributed environment by identifying the client s identities of the same domain. Various limitations arise after reviewing the papers. These are as follows: Complex re-authentication process. Heavy network load on key distribution center. Large no. of steps to access the network service Complex re-authentication process. When client wants network service then he needs to be authenticated by authentication server. After sometime if connection gets lost or over then again, client has to reauthenticate, that requires lot of time and effort. ISSN: EverScience Publications 148
2 2.2. Heavy network load on key distribution center. Authentication and ticket generation process is carried out at key distribution center that puts a heavy network load on it. Thus affects performance of key distribution center Large no. of steps to access the network service. No. of steps are required to connect to the application server. Client needs to first authenticate before requesting for the service. Authentication is performed by the authentication server that provides ticket grating ticket (TGT) to the client. After receiving the TGT from authentication server, client is able to send request to Ticket granting server (TGS). The Ticket granting server identifies the client and provides a service ticket to the client. When client receives service ticket then it gets connected to the application server. It is a very time consuming process since it requires no. of steps to connect to application server. 3. PORPOSED MODELLING In this strategy, the authentication of the client is provided by the agent situated at the client side. The service ticket is generated by the ticket granting server (TGS).It basically works in two steps. The first step includes that client need to authenticate with the help of the authentication server and obtain a tgt (ticket granting ticket).in the second step the agent obtains the service ticket to access the network service from the key distribution center. The entities used in our proposed architecture are as follows: 3.1. Client Client is the application acting on behalf of user who needs to access a resource, such as opening a file, querying a database, or printing a document. Every client requests must be authenticated before the resource is accessed Agent Agent is software situated at the client side. It acts as an intermediate between client and authentication server/key distribution center. Once the agent receives messages from client, it attempts to decrypt message with the secret key generated by the password entered by the user. Client is verified by matching the password with the user password which is stored in the authentication server data base. If it matches then, he is a genuine user otherwise not. After verifying, the agent sends the TGT (Ticket Granting Ticket) to the key distribution center and the authenticator, encrypted with the Logon session key generated by the authentication server Authentication Server The Authentication server is also situated at the client side. Client sends a message to the authentication server for requesting a service. Authentication server verifies client and after verification it generates the Logon session key and TGT (Ticket Granting Ticket) Key Distribution Center The Key Distribution Center (KDC) is a network service that supplies service tickets and temporary session keys to users within an active directory domain. It acts as a trusted third party between client and the application server Ticket Granting Server Ticket Granting Server is a logical entity situated at the Key Distribution center (KDC). The server issues tickets for connection to computers in its own domain. When clients want access to a network service, they contact ticket-granting server, present a TGT, and ask for a ticket. The ticket can be reused until it expires, but the first access to any computer always requires a trip to the ticket-granting server Application Server Application server is the host which provides the service needed by the client. Agent provides service ticket to the application server. For mutual authentication, server also verifies itself by sending an authenticator back to the client Authenticator Authenticator is a piece of information that helps in verifying client and server. The information in the authenticator must be different each time the protocol is executed; otherwise an old authenticator could be reused by any one who happens to overhear the communication User Key When a new client is added into a realm then a private key is assigned to it. The information related to the user (private key) is stored with the user object in the active directory domain of the KDC (Key Distribution Center).The private key Kuser is used to prepare the authenticator by the agent for obtaining the service ticket Logon Session key The Logon session key SKTGS is prepared by the authentication server which is used to encrypt the authenticator prepared by the TGS (Ticket Granting Server).The Log on session key SK TGS is embedded in the TGT (Ticket Granting Ticket) and in the authenticator prepared by the authentication server at the client side for ISSN: EverScience Publications 149
3 receiving the service ticket from the KDC (Key Distribution center) Session key The session key SKservice is prepared by the TGS (Ticket Granting Server). It is shared between the key distribution center and the application server Long term key of the Key Distribution center It is a secret key used by the authentication server to encrypt the TGT (Ticket Granting Ticket).It is shared between the KDC and the Authentication server situated at the client side Secret key of the server Kservice is the secret key of the application server which is only known to the KDC (Key distribution center). It is used to encrypt the service ticket prepare by the TGS (Ticket Granting Server). Figure 3: Architecture of Kerberos protocol Working steps of Kerberos protocol are as follows: Step1: First client enters username and password to login to a system. After login, if client wants network services then agent helps the client in authentication. For Authentication: Client sends a message KRB_AS_REQ to the agent. The message includes the following things:- Principal service name(i.e. service the client requested for) The Request format is as follows:- KRB_AS_REQ= {Principal Client, Principal Service, Lifetime} User key Step 2: Agent receives the request and decrypts it by transforming the user key into the plain text. Then it searches for principal client requested for the set of principal services by looking into the data base. If a match is found, then a prompt message indicates that the client has been authenticated. Now agent prepares two things:- Ticket Granting Ticket (TGT) Log on session key SK TGS. TGT includes the following things:- Principal Service name (i.e. service the client IP_list (i.e. IP address of the client machine). Log on session key SK TGS. TGT is encrypted with the Long term key of the Key Distribution Center (K TGS). TGT format is as follows: TGT= {Principal client, Principal Service, IP_list, Timestamp, Lifetime, SK TGS }K TGS. Agent stores both the TGT and the log on session key into the user credential cache. ISSN: EverScience Publications 150
4 Now agent sends the authenticator and the TGT to the Ticket Granting Server as TGS_REQ. The format of the request is as follows: TGS_REQ= {{Principal Service, Time stamp, Lifetime, SKTGS} User key {TGT} K TGS Step 3: Ticket Granting server (TGS) decrypt the authenticator with the help of the user key stored in its data base and extracts the Log on session key. Now the Ticket Granting Server (TGS) checks the following information: Ticket Granting Ticket (TGT) has not been expired. Principal client time stamp matches the one present in the TGT. IP address of the request packet is one of those contained in the list. The log on session key obtained from the authenticator is same as that of the TGT. If match is found then, TGS prepares an authenticator and encrypt it with the help of the log on session key obtained in the previous step. It also prepares a service ticket and sends both the authenticator and the service ticket as TGS_REP to the agent. The authenticator and service ticket contains the following information: Authenticator contains:- Principal Service name (i.e. Service the client Session key SKservice shared between the TGS and the application server. Timestamp (Time of the KDC). Authenticator format is as follows: Authenticator= {Principal Service, Timestamp, Lifetime, SKservice} SK TGS. Service ticket contains: Principal Service name (i.e. Service the client IP_list (i.e. IP address of the client machine). Timestamp (time of the KDC). Session key Skservice. Service ticket is as follows: Tservice= {Principal client, Principal Service, IP_list, Timestamp, Lifetime, Skservice} Kservice. TGS sends TGS_REP to agent. TGS_REP= {Principal Service, Timestamp, Life time,skservice}sk TGS {Tservice} Kservice. Step 4: After receiving TGS_REP from the ticket granting server, agent decrypt the authenticator with the help of the logon session key SK TGS and obtain the session key Skservice. Agent also prepares an authenticator and sends it to the application server along with the service ticket. Authenticator includes the following things:- Principal client name (i.e. name of the client). Timestamp (time of the agent). Authenticator format is as follows:- Authenticator= {Principal client, Timestamp} SKservice. After preparing authenticator agent sends AP_REQ to the application server. The format of the request is as follows:- AP_REQ={Authenticator}SKservice{ Tservice}Kservice. Step 5: Application server decrypts authenticator and service ticket and provides the service to the client. If mutual authentication is required then application server prepares an authenticator and sends it back to the client for authenticating itself. Step 6: If client wants same network service then, agent fetch TGT and session keys stored in the authentication server database and prepares a request on the behalf of a client. Thus by storing session keys and TGT, there is no need to authenticate client again. 4. CONCLUSION Kerberos protocol is a trusted third party authentication protocol which basically authenticates the client with the help of the authentication server and issues a Ticket granting ticket to the client. The proposed strategy tries to overcome the number of steps to access the network service. It provides the ISSN: EverScience Publications 151
5 reliable communication over the distributed environment by substituting the authentication server at the client side. Its main aim is to overcome the problem of re-authentication if client requests for same network service within certain time duration. With the help of authentication server database, TGT and session keys are stored that helps in avoiding reauthentication process. REFERENCES [1] William Stalling cryptography And Network Security.Edition 5 year [2] Eman EI-Emam+,Margdy Koutb++ A Network Authentication Protocol Based on Kerberos IJCSNS International Journal of Computer Science and Network Security,VOL.9 No.8,AUGUST [3] Saurabh Ratnaparkhi, Anup Bhange Protecting Against Distributed Denial of ServiceAttacks and its classification :An Network Security Issue Internatiional Journal of Advanced Research In Computer Science and Software Engineering,Volume 3,Issue 1,January [4] wrongnumber.pdf [5] [6] 1.pdf ISSN: EverScience Publications 152
Security and Privacy in Computer Systems. Lecture 7 The Kerberos authentication system. Security policy, security models, trust Access control models
CS 645 Security and Privacy in Computer Systems Lecture 7 The Kerberos authentication system Last Week Security policy, security models, trust Access control models The Bell-La Padula (BLP) model The Biba
More informationKerberos MIT protocol
Kerberos MIT protocol December 11 th 2009 Amit Shinde Kerberos MIT protocol Motivation behind the design Overview of Kerberos Protocol Kerberized applications Attacks and Security analysis Q & A Motivations
More informationTrusted Intermediaries
AIT 682: Network and Systems Security Topic 7. Trusted Intermediaries Instructor: Dr. Kun Sun Trusted Intermediaries Problem: authentication for large networks Solution #1 Key Distribution Center (KDC)
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 7. Trusted Intermediaries Instructor: Dr. Kun Sun Trusted Intermediaries Problem: authentication for large networks Solution #1 Key Distribution Center (KDC)
More informationRadius, LDAP, Radius, Kerberos used in Authenticating Users
CSCD 303 Lecture 5 Fall 2018 Radius, LDAP, Radius, Kerberos used in Authenticating Users Kerberos Authentication and Authorization Previously Said that identification, authentication and authorization
More informationProtocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh
Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 17th February 2011 Outline Introduction Shared-key Authentication Asymmetric authentication protocols
More informationIntroduction. Trusted Intermediaries. CSC/ECE 574 Computer and Network Security. Outline. CSC/ECE 574 Computer and Network Security.
Trusted Intermediaries CSC/ECE 574 Computer and Network Security Topic 7. Trusted Intermediaries Problem: authentication for large networks Solution #1 Key Distribution Center () Representative solution:
More informationAuthentication. Chapter 2
Authentication Chapter 2 Learning Objectives Create strong passwords and store them securely Understand the Kerberos authentication process Understand how CHAP works Understand what mutual authentication
More informationCryptography and Network Security
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown Chapter 14 Authentication Applications We cannot enter into alliance with neighbouring princes until
More informationThe Kerberos Authentication System Course Outline
The Kerberos Authentication System Course Outline Technical Underpinnings - authentication based on key sharing - Needham-Schroeder protocol - Denning and Sacco protocol Kerbeors V - Login and client-server
More informationCIS 6930/4930 Computer and Network Security. Topic 7. Trusted Intermediaries
CIS 6930/4930 Computer and Network Security Topic 7. Trusted Intermediaries 1 Trusted Intermediaries Problem: authentication for large networks Solution #1 Key Distribution Center (KDC) Representative
More informationCryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1
Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography CS555 Spring 2012/Topic 16 1 Outline and Readings Outline Private key management between two parties Key management
More informationA Modified Approach for Kerberos Authentication Protocol with Secret Image by using Visual Cryptography
A Modified Approach for Kerberos Authentication Protocol with Secret Image by using Visual Cryptography Ashok Kumar J 1, and Gopinath Ganapathy 2 1,2 School of Computer Science, Engineering and Applications
More informationKey distribution and certification
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must be ensured. Problem solution: Certification Authority
More information13/10/2013. Kerberos. Key distribution and certification. The Kerberos protocol was developed at MIT in the 1980.
Key distribution and certification Kerberos In the case of public key encryption model the authenticity of the public key of each partner in the communication must be ensured. Problem solution: Certification
More informationRadius, LDAP, Radius used in Authenticating Users
CSCD 303 Lecture 5 Fall 2017 Kerberos Radius, LDAP, Radius used in Authenticating Users Introduction to Centralized Authentication Kerberos is for authentication only and provides Single Sign-on (SSO)
More informationCSCE 813 Internet Security Kerberos
CSCE 813 Internet Security Kerberos Professor Lisa Luo Fall 2017 What is Kerberos? An authentication server system from MIT; versions 4 and 5 Provide authentication for a user that works on a workstation
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 24 April 16, 2012 CPSC 467b, Lecture 24 1/33 Kerberos Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management
More informationHow to Integrate an External Authentication Server
How to Integrate an External Authentication Server Required Product Model and Version This article applies to the Barracuda Load Balancer ADC 540 and above, version 5.1 and above, and to all Barracuda
More informationAcknowledgments. CSE565: Computer Security Lectures 16 & 17 Authentication & Applications
CSE565: Computer Security Lectures 16 & 17 Authentication & Applications Shambhu Upadhyaya Computer Science & Eng. University at Buffalo Buffalo, New York 14260 Lec 16.1 Acknowledgments Material for some
More informationSecurity issues in Distributed Systems
Security issues in Distributed Systems Is Kerberos the Answer? Types of Distributed Systems There are many different types of distributed computing systems and many challenges to overcome in successfully
More informationOverview of Kerberos(I)
Overview of Kerberos(I) Network Authentication Protocol for C/S application based on symmetric cryptosystem TTP authentication service Based on secret key, single login Part of MIT's project Athena (public
More informationUser Authentication. Modified By: Dr. Ramzi Saifan
User Authentication Modified By: Dr. Ramzi Saifan Authentication Verifying the identity of another entity Computer authenticating to another computer Person authenticating to a local/remote computer Important
More informationIMPLEMENTATION OF KERBEROS BASED AUTHENTICATED KEY EXCHANGE PROTOCOL FOR PARALLEL NETWORK FILE SYSTEMS IN CLOUD
[1] [1] ISSN: 0976-3104 SPECIAL ISSUE: Emerging Technologies in Networking and Security (ETNS) Chandravathi et al. ARTICLE OPEN ACCESS IMPLEMENTATION OF KERBEROS BASED AUTHENTICATED KEY EXCHANGE PROTOCOL
More informationNetwork Security Essentials
Network Security Essentials Fifth Edition by William Stallings Chapter 4 Key Distribution and User Authentication No Singhalese, whether man or woman, would venture out of the house without a bunch of
More informationFactotum Sep. 24, 2007
15-412 Factotum Sep. 24, 2007 Dave Eckhardt 1 Factotum Left Out (of P9/9P Lecture) The whole authentication thing There is an auth server much like a Kerberos KDC There is an authentication file system
More informationThe Kerberos Authentication Service
The Kerberos Authentication Service By: Cule Stevan ID#: 0047307 SFWR 4C03 April 4, 2005 Last Revision: April 5, 2005 Stevan Cule 0047307 SOFTWARE ENGINEERING 4C03 WINTER 2005 The Kerberos Authentication
More information1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class
1.264 Lecture 27 Security protocols Symmetric cryptography Next class: Anderson chapter 10. Exercise due after class 1 Exercise: hotel keys What is the protocol? What attacks are possible? Copy Cut and
More informationSecurity Handshake Pitfalls
Security Handshake Pitfalls Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr 1 Cryptographic Authentication Password authentication is subject to eavesdropping Alternative: Cryptographic challenge-response
More informationAUTHENTICATION APPLICATION
AUTHENTICATION APPLICATION WHAT IS KERBEROS? Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography.
More informationUser Authentication Principles and Methods
User Authentication Principles and Methods David Groep, NIKHEF User Authentication - Principles and Methods 1 Principles and Methods Authorization factors Cryptographic methods Authentication for login
More informationNetwork Security CHAPTER 31. Solutions to Review Questions and Exercises. Review Questions
CHAPTER 3 Network Security Solutions to Review Questions and Exercises Review Questions. A nonce is a large random number that is used only once to help distinguish a fresh authentication request from
More informationA Two-Fold Authentication Mechanism for Network Security
Asian Journal of Engineering and Applied Technology ISSN 2249-068X Vol. 7 No. 2, 2018, pp. 86-90 The Research Publication, www.trp.org.in A Two-Fold for Network Security D. Selvamani 1 and V Selvi 2 1
More informationINTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY
INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY A PATH FOR HORIZING YOUR INNOVATIVE WORK REVIEW ON IMPLEMENTATION OF SECURITY MODEL FOR E-COMMERCE THROUGH AUTHENTICATION
More informationCryptography and Network Security. Prof. D. Mukhopadhyay. Department of Computer Science and Engineering. Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 38 A Tutorial on Network Protocols
More informationCSCI 667: Concepts of Computer Security. Lecture 9. Prof. Adwait Nadkarni
CSCI 667: Concepts of Computer Security Lecture 9 Prof. Adwait Nadkarni 1 Derived from slides by William Enck, Micah Sherr, Patrick McDaniel, Peng Ning, and Vitaly Shmatikov Authentication Alice? Bob?
More information(2½ hours) Total Marks: 75
(2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.
More informationCSC 774 Network Security
CSC 774 Network Security Topic 2. Review of Cryptographic Techniques CSC 774 Dr. Peng Ning 1 Outline Encryption/Decryption Digital signatures Hash functions Pseudo random functions Key exchange/agreement/distribution
More informationUnit-VI. User Authentication Mechanisms.
Unit-VI User Authentication Mechanisms Authentication is the first step in any cryptographic solution Authentication can be defined as determining an identity to the required level of assurance Passwords
More informationElements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy
Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy Homework 3 Due: Monday, 11/28/2016 at 11:55pm PT Solution: Will be posted
More informationConfiguring Kerberos
Configuring Kerberos Last Updated: January 26, 2012 Finding Feature Information, page 1 Information About Kerberos, page 1 How to Configure Kerberos, page 5 Kerberos Configuration Examples, page 13 Additional
More informationCryptology Part 1. Terminology. Basic Approaches to Cryptography. Basic Approaches to Cryptography: (1) Transposition (continued)
Cryptology Part 1 Uses of Cryptology 1. Transmission of a message with assurance that the contents will be known only by sender and recipient a) Steganography: existence of the message is hidden b) Cryptography:
More informationAuthentication & Authorization
Authentication & Authorization Anuj Gupta 1, 1 M.Tech Scholar, Department of C.F.I.S, G.I.T.A.M, Kablana, Jhajjar Ashish Kumar Sharma 2 2 Assistant Professor, Department of C.F.I.S & C.S.E, G.I.T.A.M,
More informationAuthentication in Distributed Systems
Authentication in Distributed Systems Introduction Crypto transforms (communications) security problems into key management problems. To use encryption, digital signatures, or MACs, the parties involved
More informationKerberos and Public-Key Infrastructure. Key Points. Trust model. Goal of Kerberos
Kerberos and Public-Key Infrastructure Key Points Kerberos is an authentication service designed for use in a distributed environment. Kerberos makes use of a thrusted third-part authentication service
More informationGlobal Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationUser Authentication. Modified By: Dr. Ramzi Saifan
User Authentication Modified By: Dr. Ramzi Saifan Authentication Verifying the identity of another entity Computer authenticating to another computer Person authenticating to a local/remote computer Important
More informationData Security and Privacy. Topic 14: Authentication and Key Establishment
Data Security and Privacy Topic 14: Authentication and Key Establishment 1 Announcements Mid-term Exam Tuesday March 6, during class 2 Need for Key Establishment Encrypt K (M) C = Encrypt K (M) M = Decrypt
More informationSecurity Handshake Pitfalls
Cryptographic Authentication Security Handshake Pitfalls Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr Password authentication is subject to eavesdropping Alternative: Cryptographic challenge-response
More informationKEY DISTRIBUTION AND USER AUTHENTICATION
KEY DISTRIBUTION AND USER AUTHENTICATION Key Management and Distribution No Singhalese, whether man or woman, would venture out of the house without a bunch of keys in his hand, for without such a talisman
More informationPersistent key, value storage
Persistent key, value storage In programs, often use hash tables - E.g., Buckets are an array of pointers, collision chaining For persistant data, minimize # disk accesses - Traversing linked lists is
More informationKerberos and Active Directory symmetric cryptography in practice COSC412
Kerberos and Active Directory symmetric cryptography in practice COSC412 Learning objectives Understand the function of Kerberos Explain how symmetric cryptography supports the operation of Kerberos Summarise
More informationData Communication Prof.A.Pal Dept of Computer Science & Engineering Indian Institute of Technology, Kharagpur Lecture - 40 Secured Communication - II
Data Communication Prof.A.Pal Dept of Computer Science & Engineering Indian Institute of Technology, Kharagpur Lecture - 40 Secured Communication - II Hello and welcome to today's lecture on secured communication.
More informationCSC/ECE 774 Advanced Network Security
Computer Science CSC/ECE 774 Advanced Network Security Topic 2. Network Security Primitives CSC/ECE 774 Dr. Peng Ning 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange;
More informationOutline. Login w/ Shared Secret: Variant 1. Login With Shared Secret: Variant 2. Login Only Authentication (One Way) Mutual Authentication
Outline Security Handshake Pitfalls (Chapter 11 & 12.2) Login Only Authentication (One Way) Login i w/ Shared Secret One-way Public Key Lamport s Hash Mutual Authentication Shared Secret Public Keys Timestamps
More informationKerberos. Pehr Söderman Natsak08/DD2495 CSC KTH 2008
Kerberos Pehr Söderman Pehrs@kth.se Natsak08/DD2495 CSC KTH 2008 Project Athena Started 1983 at MIT 10 000 workstations 1000 servers Unified enviroment Any user, any workstation, any server, anywhere...
More informationElements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy
Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy Homework 3 Due: Monday, 11/28/2016 at 11:55pm PT Solution: Will be posted
More information"When you have crossed the river and have advanced a little further, some aged women weaving at the loom will beg you to lend a hand for a short
KERBEROS: the fierce watchdog of Haides, depicted as a three headed dog with a serpent's tail, a mane of snakes, and a lion's claws. "And before them a dreaded hound, on watch, who has no pity, but a vile
More informationModule: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security
CSE543 - Introduction to Computer and Network Security Module: Authentication Professor Trent Jaeger 1 Kerberos History: from UNIX to Networks (late 80s) Solves: password eavesdropping Also mutual authentication
More informationAuthentication Protocols
COMP Distributed Systems Protocols Kevin Jeffay Department of Computer Science University of North Carolina at Chapel Hill jeffay@cs.unc.edu October 5, 999 http://www.cs.unc.edu/~jeffay/courses/compf99
More informationUsing Two-Factor Authentication to Connect to a Kerberos-enabled Informatica Domain
Using Two-Factor Authentication to Connect to a Kerberos-enabled Informatica Domain Copyright Informatica LLC 2016, 2018. Informatica LLC. No part of this document may be reproduced or transmitted in any
More informationModule: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security
CSE543 - Introduction to Computer and Network Security Module: Authentication Professor Trent Jaeger CSE543 - Introduction to Computer and Network Security 1 Kerberos History: from UNIX to Networks (late
More informationAuthentication in real world: Kerberos, SSH and SSL. Zheng Ma Apr 19, 2005
Authentication in real world: Kerberos, SSH and SSL Zheng Ma Apr 19, 2005 Where are we? After learning all the foundation of modern cryptography, we are ready to see some real world applications based
More informationAuthentication Handshakes
AIT 682: Network and Systems Security Topic 6.2 Authentication Protocols Instructor: Dr. Kun Sun Authentication Handshakes Secure communication almost always includes an initial authentication handshake.
More informationDatasäkerhetsmetoder föreläsning 7
Datasäkerhetsmetoder föreläsning 7 Nyckelhantering Jan-Åke Larsson Cryptography A security tool, not a general solution Cryptography usually converts a communication security problem into a key management
More informationCopyright
This video will look at configuring the default password policy in Active Directory. These setting determines setting like how long a user password will be, if the password needs to complex, and how many
More informationMarch 26, Abstract
Public-key Cryptography Extensions into Kerberos Ian Downard University of Missouri Rolla Department of Electrical and Computer Engineering 1870 Miner Circle Rolla, MO 65409 Phone: 573-341-8422 Fax: 573-341-4532
More informationBACHELOR THESIS CAPABILITY OF KERBEROS MATTHIJS MEKKING
BACHELOR THESIS CAPABILITY OF KERBEROS MATTHIJS MEKKING JUNE 2006 Contents 1 Introduction 5 1.1 Outline.................................. 5 2 The Kerberos Protocol 7 2.1 Term definitions.............................
More informationLecture 1: Course Introduction
Lecture 1: Course Introduction Thomas Johansson T. Johansson (Lund University) 1 / 37 Chapter 9: Symmetric Key Distribution To understand the problems associated with managing and distributing secret keys.
More informationGuide to Windows 2000 Kerberos Settings
Report Number: C4-018R-01 Guide to Windows 2000 Kerberos Settings Architectures and Applications Division of the Systems and Network Attack Center (SNAC) Author: Updated: June 27, 2001 David Opitz Version
More informationCS-630: Cyber and Network Security
CS-630: Cyber and Network Security Lecture # 6: Digital Signatures and Authentication Prof. Dr. Sfi Sufian Hameed Department of Computer Science Authentication Overview Authentication Passwords Secure
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 3.3: Security Handshake Pitfalls CSC 474/574 Dr. Peng Ning 1 Authentication Handshakes Secure communication almost always includes an initial authentication
More informationSecurity Handshake Pitfalls
Hello Challenge R f(k, R f(k, R Problems: 1. Authentication is not mutual only authenticates Anyone can send the challenge R. f(k, R Problems: 1. Authentication is not mutual only authenticates Anyone
More informationNetwork Security: Kerberos. Tuomas Aura
Network Security: Kerberos Tuomas Aura Kerberos authentication Outline Kerberos in Windows domains 2 Kerberos authentication 3 Kerberos Shared-key protocol for user login authentication Uses passwords
More informationLecture 08: Networking services: there s no place like
Lecture 08: services: there s no place like 127.0.0.1 Hands-on Unix system administration DeCal 2012-10-15 1 / 22 About Common records Other records 2 / 22 About About Common records Other records Domain
More informationCHAPTER 3. ENHANCED KERBEROS SECURITY: An application of the proposed system
CHAPTER 3 ENHANCED KERBEROS SECURITY: An application of the proposed system 3.1 Introduction Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server
More informationKerberos V5. Raj Jain. Washington University in St. Louis
Kerberos V5 Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-07/ 11-1
More informationIn any of these cases, an unauthorized user may be able to gain access to services and data that he or she is not authorized to access.
e-pgpathshala Subject: Computer Science Paper: Cryptography and Network Security Module: Authentication Application Kerberos Module No: CS/CNS/31 Quadrant 1 e-text Learning Objectives To introduce authentication
More information06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security
1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security Dr. L. Christofi 1 0. Overview As the knowledge of computer networking and protocols has become more widespread, so the threat of
More informationThe KX.509 Protocol. William Doster Marcus Watts Dan Hyde University of Michigan ABSTRACT
The KX.509 Protocol William Doster Marcus Watts Dan Hyde University of Michigan ABSTRACT This document describes the KX.509 protocol. Using this protocol, a workstation can acquire a temporary (or junk
More informationIssues. Separation of. Distributed system security. Security services. Security policies. Security mechanism
Module 9 - Security Issues Separation of Security policies Precise definition of which entities in the system can take what actions Security mechanism Means of enforcing that policy Distributed system
More informationVerteilte Systeme (Distributed Systems)
Verteilte Systeme (Distributed Systems) Lorenz Froihofer l.froihofer@infosys.tuwien.ac.at http://www.infosys.tuwien.ac.at/teaching/courses/ VerteilteSysteme/ Security Threats, mechanisms, design issues
More informationKerberos and NFS4 on Linux. isginf Workshop
Kerberos and NFS4 on Linux isginf Workshop Stefan Walter 13.03.18 1 Welcome First workshop we organize! Background info and three practical labs Goal is to show you how to get NFS4 with Kerberos working
More informationSession key establishment protocols
our task is to program a computer which gives answers which are subtly and maliciously wrong at the most inconvenient possible moment. -- Ross Anderson and Roger Needham, Programming Satan s computer Session
More informationCSE Computer Security
CSE 543 - Computer Security Lecture 6 - Authentication September 21, 2006 URL: http://www.cse.psu.edu/~tjaeger/cse543-f06/ Project Background and Related Work Due 10/10 Questions to Answer: What is the
More informationSession key establishment protocols
our task is to program a computer which gives answers which are subtly and maliciously wrong at the most inconvenient possible moment. -- Ross Anderson and Roger Needham, Programming Satan s computer Session
More information1 Identification protocols
ISA 562: Information Security, Theory and Practice Lecture 4 1 Identification protocols Now that we know how to authenticate messages using MACs, a natural question is, how can we use MACs to prove that
More informationUnderstanding the Local KDC
Appendix C Understanding the Local KDC The local Key Distribution Center (LKDC) facilitates single sign-on for Apple Filing Protocol (AFP) file sharing and screen sharing, and although it is outside the
More informationCS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to talk so much?!? Content taken from the following:
50fb6be35f4c3105 9d4ed08fb86d8887 b746c452a9c9443b 15b22f450c76218e CS 470 Spring 2017 9df7031cdbff9d10 b700a92855f16328 5b757e66d2131841 62fedd7d9131e42e Mike Lam, Professor Security a.k.a. Why on earth
More informationCT30A8800 Secured communications
CT30A8800 Secured communications Pekka Jäppinen October 31, 2007 Pekka Jäppinen, Lappeenranta University of Technology: October 31, 2007 Authentication Three basic models 1. Something you know Password,
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Security Handshake Pitfalls Login only Mutual
More informationChapter 4 Protection in General-Purpose Operating Systems
Chapter 4 Protection in General-Purpose Operating Systems Charles P. Pfleeger & Shari Lawrence Pfleeger, Security in Computing, 4 th Ed., Pearson Education, 2007 1 An operating system has two goals: controlling
More informationFrom Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design. Edition 4 Pearson Education 2005
Chapter 7: Security From Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edition 4 Introduction Security policies Provide for the sharing of resources within specified limits
More informationSecurity Handshake Pitfalls
Security Handshake Pitfalls 1 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: Authenticate each other Establish sessions keys This process may
More informationConfiguring Kerberos
Kerberos is a secret-key network authentication protocol, developed at the Massachusetts Institute of Technology (MIT), that uses the Data Encryption Standard (DES) cryptographic algorithm for encryption
More informationCredential Management in the Grid Security Infrastructure. GlobusWorld Security Workshop January 16, 2003
Credential Management in the Grid Security Infrastructure GlobusWorld Security Workshop January 16, 2003 Jim Basney jbasney@ncsa.uiuc.edu http://www.ncsa.uiuc.edu/~jbasney/ Credential Management Enrollment:
More informationXKDCP: An Inter-KDC Protocol for Dependable Kerberos Cross-Realm Operations
290 JOURNAL OF NETWORKS, VOL. 8, NO. 2, FEBRUARY 2013 XKDCP: An Inter-KDC Protocol for Dependable Kerberos Cross-Realm Operations Saber Zrelli, Nobuo Okabe Corporate R&D Headquarters Yokogawa Electric
More informationNetwork Security (NetSec)
Chair of Network Architectures and Services Department of Informatics Technical University of Munich Network Security (NetSec) IN2101 WS 17/18 Prof. Dr.-Ing. Georg Carle Dr. Heiko Niedermayer Cornelius
More informationUser Security Configuration Guide, Cisco IOS XE Fuji 16.8.x (Cisco ASR 920 Routers)
User Security Configuration Guide, Cisco IOS XE Fuji 16.8.x (Cisco ASR 920 Routers) Configuring Kerberos 2 Finding Feature Information 2 Prerequisites for Configuring Kerberos 2 Information About Configuring
More informationSEMINAR REPORT ON BAN LOGIC
SEMINAR REPORT ON BAN LOGIC Submitted by Name : Abhijeet Chatarjee Roll No.: 14IT60R11 SCHOOL OF INFORMATION TECHNOLOGY INDIAN INSTITUTE OF TECHNOLOGY, KHARAGPUR-721302 (INDIA) Abstract: Authentication
More information